Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/A147FB6E991311EFB7BB5354C4F9AE02.roa
File:                     A147FB6E991311EFB7BB5354C4F9AE02.roa (raw, json)
Hash identifier:          wVeNSsmPeOOl8spUoRVrZWh+Hcs1x8Fi4c/dzbGxgfg=
Subject key identifier:   D8:60:8B:B1:24:DD:D0:CC:60:72:17:18:AE:EA:C7:85:2C:56:EE:32
Certificate issuer:       /CN=A917A84A/serialNumber=8A1A10EB8FBA45C2152CA8956F432F9A8139603A
Certificate serial:       1CA4
Authority key identifier: 8A:1A:10:EB:8F:BA:45:C2:15:2C:A8:95:6F:43:2F:9A:81:39:60:3A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ihoQ64-6RcIVLKiVb0MvmoE5YDo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/A147FB6E991311EFB7BB5354C4F9AE02.roa
Signing time:             Sat 02 Nov 2024 12:11:46 +0000
ROA not before:           Sat 02 Nov 2024 12:11:46 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     205220
IP address blocks:        115.42.71.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/ihoQ64-6RcIVLKiVb0MvmoE5YDo.crl
                          rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/ihoQ64-6RcIVLKiVb0MvmoE5YDo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ihoQ64-6RcIVLKiVb0MvmoE5YDo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 17 Dec 2024 16:13:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7332 (0x1ca4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917A84A/serialNumber=8A1A10EB8FBA45C2152CA8956F432F9A8139603A
        Validity
            Not Before: Nov  2 12:11:46 2024 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=67261702-76d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:86:84:62:d0:66:f3:d0:df:9c:c1:d8:a3:63:
                    6a:c6:53:97:52:c2:af:6d:47:d2:c0:53:6b:ad:14:
                    33:98:f1:07:81:7c:fc:14:11:7b:be:a8:12:5a:f4:
                    6b:70:86:e2:e2:40:20:28:7e:51:21:23:82:41:2d:
                    aa:07:9a:cf:11:88:73:88:d8:07:3b:21:38:29:35:
                    65:27:c5:72:52:d0:cf:28:5a:3b:f6:1c:61:90:39:
                    88:92:b2:f0:51:17:6e:a0:5a:f2:f0:0b:33:dc:f6:
                    11:34:22:3a:3d:18:30:67:b8:d6:62:9e:6e:41:6b:
                    16:93:33:1b:a8:aa:8a:96:c3:26:73:02:ac:33:c0:
                    32:c2:4f:36:0a:d6:0e:0d:8b:6c:8e:a7:12:cc:13:
                    9d:5b:4f:ca:62:37:dc:10:7a:4b:aa:09:af:58:5f:
                    20:38:ea:f7:23:13:a4:90:2c:be:0c:1c:78:f5:01:
                    9f:02:62:54:84:7b:83:14:b1:14:76:76:71:92:11:
                    c3:13:4b:c2:be:61:51:42:f3:b9:c4:56:c5:0c:c1:
                    97:8d:17:08:54:50:b9:a7:93:2b:d6:78:df:70:c2:
                    01:32:81:c2:f7:bf:78:97:a6:17:85:9f:86:95:7b:
                    72:95:4f:c3:13:39:b8:7e:1d:9d:09:73:70:1e:0a:
                    7b:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:60:8B:B1:24:DD:D0:CC:60:72:17:18:AE:EA:C7:85:2C:56:EE:32
            X509v3 Authority Key Identifier:
                keyid:8A:1A:10:EB:8F:BA:45:C2:15:2C:A8:95:6F:43:2F:9A:81:39:60:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/ihoQ64-6RcIVLKiVb0MvmoE5YDo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ihoQ64-6RcIVLKiVb0MvmoE5YDo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917A84A/1805191AE1EF11E69D36501BC4F9AE02/A147FB6E991311EFB7BB5354C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  115.42.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:82:8b:6c:fb:8f:c4:4f:ef:a4:dc:b2:db:62:0f:32:b4:24:
         41:e7:ca:d2:6b:d5:cc:61:51:8a:78:fd:2b:33:31:4c:0e:ea:
         cd:c5:54:dc:b7:84:f6:6e:9f:7f:3a:b9:8a:ff:cc:40:71:55:
         4a:c7:e6:dd:1f:ca:16:7e:b3:09:43:59:0d:3a:09:3d:9c:81:
         1d:8e:ab:47:05:72:f7:bd:84:bf:cd:0b:37:41:a6:c0:65:0e:
         79:37:e2:6a:76:6d:84:04:cb:81:be:9d:24:0e:1b:d9:70:49:
         0f:60:70:06:27:81:b7:7d:32:f1:5b:92:0e:2d:0c:b1:25:11:
         ee:0e:51:16:38:24:d5:3d:0b:c7:93:80:65:4b:49:d9:47:0c:
         82:39:99:b1:30:7c:29:48:85:37:4a:e3:d1:a5:7b:5a:71:e0:
         15:15:bb:fb:4b:ec:ec:e2:8b:60:3a:9b:28:a2:74:75:9b:37:
         bc:7b:3d:04:cc:28:ba:c1:bd:25:37:9f:0b:7e:aa:c5:b2:82:
         a4:23:90:56:3f:a2:94:86:dc:ab:9a:ab:c7:23:94:ce:fe:86:
         f5:b3:9b:e7:72:9e:2e:f3:c2:e5:8e:a6:7b:20:df:99:f1:19:
         5a:79:38:0b:d8:54:33:ce:59:62:78:a8:5e:fc:75:36:09:73:
         f7:f9:4b:09
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICHKQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0E4NEExMTAvBgNVBAUTKDhBMUExMEVCOEZCQTQ1QzIxNTJDQTg5NTZGNDMyRjlB
ODEzOTYwM0EwHhcNMjQxMTAyMTIxMTQ2WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzI2MTcwMi03NmQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA54aEYtBm89DfnMHYo2NqxlOXUsKvbUfSwFNrrRQzmPEHgXz8FBF7vqgSWvRr
cIbi4kAgKH5RISOCQS2qB5rPEYhziNgHOyE4KTVlJ8VyUtDPKFo79hxhkDmIkrLw
URduoFry8Asz3PYRNCI6PRgwZ7jWYp5uQWsWkzMbqKqKlsMmcwKsM8Aywk82CtYO
DYtsjqcSzBOdW0/KYjfcEHpLqgmvWF8gOOr3IxOkkCy+DBx49QGfAmJUhHuDFLEU
dnZxkhHDE0vCvmFRQvO5xFbFDMGXjRcIVFC5p5Mr1njfcMIBMoHC9794l6YXhZ+G
lXtylU/DEzm4fh2dCXNwHgp76QIDAQABo4IClTCCApEwHQYDVR0OBBYEFNhgi7Ek
3dDMYHIXGK7qx4UsVu4yMB8GA1UdIwQYMBaAFIoaEOuPukXCFSyolW9DL5qBOWA6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QTg0QS8xODA1MTkxQUUx
RUYxMUU2OUQzNjUwMUJDNEY5QUUwMi9paG9RNjQtNlJjSVZMS2lWYjBNdm1vRTVZ
RG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lob1E2NC02UmNJVkxLaVZiME12bW9FNVlEby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0E4NEEvMTgwNTE5MUFFMUVGMTFFNjlEMzY1MDFCQzRGOUFFMDIvQTE0N0ZCNkU5
OTEzMTFFRkI3QkI1MzU0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABzKkcwDQYJKoZIhvcNAQELBQADggEBAJ+Ci2z7j8RP76Tc
sttiDzK0JEHnytJr1cxhUYp4/SszMUwO6s3FVNy3hPZun386uYr/zEBxVUrH5t0f
yhZ+swlDWQ06CT2cgR2Oq0cFcve9hL/NCzdBpsBlDnk34mp2bYQEy4G+nSQOG9lw
SQ9gcAYngbd9MvFbkg4tDLElEe4OURY4JNU9C8eTgGVLSdlHDII5mbEwfClIhTdK
49Gle1px4BUVu/tL7Ozii2A6myiidHWbN7x7PQTMKLrBvSU3nwt+qsWygqQjkFY/
opSG3Kuaq8cjlM7+hvWzm+dyni7zwuWOpnsg35nxGVp5OAvYVDPOWWJ4qF78dTYJ
c/f5Swk=
-----END CERTIFICATE-----
Generated at Tue Dec 10 19:48:06 2024 by rpki-client on console-ams.rpki-client.org